On Wed, 21 May 2008 07:13:10 +0200, "Christiaan den Besten" <chris@xxxxxxxxxxxxxxx> said:
> Bron,
>
> What does the authentication for nginx for you, since it can't query
> for example a ldap directly ( at least, not the last time I checked )?
> The epoll will scale, but wondering what is the most 'light' method to
> do the actual authentication ..

Perl, it's the swiss cheese^H^H^H^H^H^Harmy knife of tools.

Specifically, we have this funky little thing that's increasingly inaccurately named "saslperld". It's just a forking Net::Server derivative that listens to unix sockets. It currently talks the following protocols:

* lookup
* mux
* nginx
* perdimap
* perdpop
* vfs

Ok - so we don't use either of the perdition ones any more, they should probably get removed in the cleanup I'm planning to do later this week (while working on one time password, openid, other goodies).

"lookup" is a simple key value protocol allowing usernames to be resolved to our internal userids. It's used by log analysis tools.

"mux" is the saslauthd protocol. Some sort of packed struct format from memory.

"nginx" is the nginx http authentication protocol.

"vfs" is also very badly named. It's the protocol that I originally wrote for handling our vfs interfaces (DAV & FTP) but has since expanded to be used by our web interface and every other bit of code that wants to check user authentication details, because the protocol is so easy to use from our perl libraries.

The overhead of unix sockets really is very low, and being separate processes means any epoll thingy (looking at DJabberd soon hopefully) can chat to it asynchronously without having to do its own thread pool.

It also listens on a UDP port for broadcast cache expiry events and caches user details to reduce database traffic for protocols with frequent short-lived logins.

Bron.

--
  Bron Gondwana
  brong@xxxxxxxxxxx

----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
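
For readers unfamiliar with the "nginx" protocol mentioned in the message above, here is an added sketch of the header exchange nginx's mail proxy performs against its auth_http endpoint. It is not saslperld code and is written in Python rather than Perl; the user table, backend address, attempt limit and function names are constructed for illustration.

```python
import hashlib
import hmac
from urllib.parse import unquote

MAX_ATTEMPTS = 3  # assumed local policy; nginx sends the count in Auth-Login-Attempt

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample data: user -> (salt, password hash, backend IP).
USERS = {"alice@example.com":
         (b"salt-a", hash_password("correct horse", b"salt-a"), "10.0.0.5")}
PORTS = {"imap": 143, "pop3": 110, "smtp": 25}
# Unknown users are checked against this record so they cost the same hash work.
DUMMY = (b"salt-x", hash_password("dummy", b"salt-x"), None)

def nginx_auth(headers: dict) -> dict:
    """Turn the request headers nginx sends into the response headers it expects."""
    # Same reply for every failure, so the client cannot tell which check failed.
    fail = {"Auth-Status": "Invalid login or password", "Auth-Wait": "3"}
    attempt = headers.get("Auth-Login-Attempt", "1")
    if not attempt.isdigit():
        return fail
    if int(attempt) > MAX_ATTEMPTS:
        # Without Auth-Wait nginx reports the error and closes the connection.
        return {"Auth-Status": "Too many failed logins"}
    port = PORTS.get(headers.get("Auth-Protocol", ""))
    if headers.get("Auth-Method") != "plain" or port is None:
        return fail
    # nginx percent-escapes some bytes in these two headers.
    user = unquote(headers.get("Auth-User", ""))
    password = unquote(headers.get("Auth-Pass", ""))
    salt, stored, backend = USERS.get(user, DUMMY)
    matches = hmac.compare_digest(hash_password(password, salt), stored)
    if not matches or backend is None:
        return fail
    # Auth-Server must be an IP address; nginx does not resolve names here.
    return {"Auth-Status": "OK", "Auth-Server": backend, "Auth-Port": str(port)}
```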